List:       dovecot
Subject:    Re: LMTP and public mailboxes?
From:       Eric Abrahamsen via dovecot <dovecot () dovecot ! org>
Date:       2019-02-22 21:48:28
Message-ID: 87va1b336b.fsf () ericabrahamsen ! net

Eric Abrahamsen via dovecot <dovecot@dovecot.org> writes:

> Hi,
>
> I've been using postfix and dovecot for a few years, and have been doing
> public mailboxes with dovecot-lda, using a postfix transport that looks
> like (line wrapped for the mailer):
>
> my-public-transport unix - n n - - pipe
>   flags=DRhu user=vmail:vmail argv=/usr/bin/spamc -u <me> -e \
>   /usr/lib/dovecot/dovecot-lda -f ${sender} -d <me> -m public/${user}
>
> So messages first passed to spamassassin, using my own personal config
> for bayes rules, then to dovecot-lda, using my user for auth, and
> finally delivering to a public/* mailbox, with acl rules for access.
>
> I'm moving spamassassin to a mimedefang milter, so that's out of the
> equation; and LDA to LMTP, so the postfix config simply becomes:
>
> virtual_transport = lmtp:unix:private/dovecot-lmtp
>
> That's much nicer, but I'm not sure how to handle the public mailbox
> using LMTP.
>
> How are people doing this? While Googling I saw a recommendation to
> create a virtual user for the public mailboxes, and then presumably
> Postfix would map "info@mydomain.com" to "publicuser+info@mydomain.com"
> and I would go from there. But that seems a little weird: I don't want
> anyone to be able to log in as publicuser, nor to send mail as that user
> (Postfix uses Dovecot for auth). Yet I don't seem to be able to pass
> other arguments to lmtp, that might indicate which user to use for auth.

What I ended up doing, which is working out very nicely, is nesting
another userdb inside the lmtp protocol stanza:

protocol lmtp {
  # ...
  userdb {
    driver = passwd-file
    args = /etc/dovecot/publicuser.db
  }
}

That database defines my public user, public@mydomain.net, and its
mail/home arguments, but it's only valid for the LMTP transport -- it's
not available for IMAP login, nor postfix SMTP authentication. Its
mailboxes are only accessible by other users, via acl files.

Postfix's virtual_alias_maps contain entries like:

info@mydomain.net   public@mydomain.net

Then sieve rules in the public user's directory look at the "to" header
(envelope "to" is always public@mydomain.net) and shunt the mail into
the right mailbox.

This works great (though I'm a tiny bit uncomfortable that the
Delivered-To header still contains "public@mydomain.net").

Later I changed postfix's config to:

info@mydomain.net   public+info@mydomain.net

That way I didn't need a sieve script at all, only needed to make sure
recipient_delimiter was "+", and lmtp_save_to_detail_mailbox was "yes".

Hope this is useful for posterity...

Eric
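
The property the message relies on is that the public user's passwd-file is referenced only by a userdb inside `protocol lmtp`, so no passdb can authenticate it. The following is an added example, not part of the original post: a static check over `doveadm config -n` style text. The sample configuration, the `/etc/dovecot/users` path and the function names are constructed for illustration.

```python
# Constructed sample in the style of `doveadm config -n` output.
# /etc/dovecot/users is an assumed path for the regular login accounts.
SAMPLE_CONF = """\
passdb {
  driver = passwd-file
  args = username_format=%u /etc/dovecot/users
}
userdb {
  driver = passwd-file
  args = username_format=%u /etc/dovecot/users
}
protocol lmtp {
  userdb {
    driver = passwd-file
    args = /etc/dovecot/publicuser.db
  }
}
"""

def db_sections(conf):
    """Yield (kind, enclosing_scope, settings) for every passdb/userdb block."""
    stack = []  # (block name, settings dict) for each currently open block
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.endswith("{"):
            stack.append((line[:-1].strip(), {}))
        elif line == "}":
            name, settings = stack.pop()
            if name in ("passdb", "userdb"):
                scope = stack[-1][0] if stack else "global"
                yield name, scope, settings
        elif "=" in line and stack:
            key, value = (part.strip() for part in line.split("=", 1))
            stack[-1][1][key] = value

def delivery_only(conf, db_path):
    """True if db_path backs a userdb inside `protocol lmtp` and nothing else.

    Limitation: this only tracks the file path. It cannot tell whether the
    same username also exists in some other passdb (SQL, LDAP, ...).
    """
    uses = [(kind, scope) for kind, scope, s in db_sections(conf)
            if db_path in s.get("args", "").split()]
    return bool(uses) and all(u == ("userdb", "protocol lmtp") for u in uses)
```
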
